top | item 44963676

(no title)

benburkert | 6 months ago

It does not.

Anchor never see sees your private keys for certificates.

We hold an ACME account key on your behalf with the CA, but we cannot use it impersonate your domain or decrypt traffic.

We have a more technical overview of how this works in our docs: https://anchor.dev/docs/public-certs/acme-relay

discuss

hannob|6 months ago

> We hold an ACME account key on your behalf with the CA, but we cannot use it impersonate your domain or decrypt traffic.

That makes no sense whatsoever. If you have an ACME account key for my domain, of course you can use it to impersonate my domain. You just need to create another certificate. (Which I could detect, but if I know how to do that, I'm probably not going to need your service anyway.)

masfuerte|6 months ago

If users delegate their DNS to you, what's stopping you issuing a certificate to yourself for their site?

benburkert|6 months ago

We theoretically could, but those certificates would show up in CT logs. (For quick & easy monitoring, you can get an RSS feed for your domain on https://crt.sh/, but it's not the most reliable service.) It would be a reputation killer if we did that, just like it would be for your DNS provider or ISP.

nbadg|6 months ago

Certificate transparency logs are likely the only realistic way, but you could make the same argument against your DNS provider. Trust has to start somewhere.

Whether or not something like this makes sense to you is probably a question of your personal threat model.